Join Me Here

.

..

...

Internal Controls and Risk Management

May 25, 2017

Scams and con games display humanity in all its frailties – they thrive at the intersection of the voracity of the perpetrators and the credulity of the victims.

In Caravaggio’s great painting from 1594, “The Fortune Teller,” the foolish young noble is seduced by the promises of the fetching eponym, even as she deftly lifts the gold ring from his finger.

Two notorious figures from the years of financial crisis – Steve Cohen and Jon Corzine – briefly side-lined for their misdeeds, are now maneuvering ambitiously for regained access to investor funds.

Reporting on both is detailed – seehere and here – so little summary is needed. Corzine – alumnus of Goldman Sachs, the United States Senate and the New Jersey governorship – steered brokerage house MF Global into an aggressive strategy based on European sovereign debt, only to crash in October 2011 amid charges of supervisory failings and misuse of customer funds. Having avoided criminal charges and settled with customers and regulators, Corzine now proposes a Shakespeare-worthy fifth act: to work around a lifetime ban on activities requiring CFTC registration, by starting his own hedge fund with an initial target of $ 150 million – presumably the first drops in a significantly more capacious bucket.

Cohen – operating on a different scale – avoided personal prosecution over insider-trading charges for which his SAC Capital pled guilty and was shut down in 2013. His settlement with the SEC three years later imposed only a short-term ban on managing outside money, scheduled to run out in 2018.

The public statements of neither one displays remorse, repentance or changed behavior. So what should be the expectations of potential investors invited forward to re-fill their cookie jars?

Over a career that concentrated on the outbreaks of major financial malfeasance, it was my observation that the rate of recidivism among white-collar criminals runs close to 100% -- or if any less, it’s so high that careful risk assessment should presume a malefactor’s likely relapse.

It was no surprise, for example, that Barry Minkow, infamous in the 1980s for ZZZZ Best, should have been returned to prison in 2011 and then have his sentence extended, for treasury irregularities at the church of his supposed post-sentence reformation and redemption. Nor that Jordan Belfort, the “Wolf of Wall Street,” who in 1996 crashed his boiler-room Stratton Oakmont to the tune of $ 200 million in customer losses, should be touring the world lecture circuit in high style while disputes continue as to the extent of recoveries provided to his victims.

Or that while Sam Antar, the financial manipulator behind “Crazy Eddy,” makes plain his cynicism at the efforts of most oversight agencies, he also candidly confesses (@SamAntar) that given the opportunity, he would cheerfully resume his life of felonious chicanery.

Which is all consistent with human nature outside the financial arena. New York congressman Anthony Wiener’s remorseful protestations of cleansed behavior in 2011 gave way soon enough to the emergence of a continuing sordid record with underage girls and his May 2017 guilty plea to charges of obscenity with a minor.

And the divergent criminal and civil verdicts in 1995 and 1997 as to O.J. Simpson’s responsibility for his wife’s brutal murder were unsurprisingly followed in 2007 by his arrest, conviction and lengthy prison sentence on charges of assault, kidnapping and armed robbery.

On the risk management side of this culture of recidivism -- and as a sub-set of Warren Buffett’s observation that the four dangerous words in the framing of investing strategy are “this time it’s different” – their over-confidence and credulity keep the sheep returning cheerfully for repeated shearings. Two examples:

First, as I wrote here back in 2009, was the investors’ unexercised ability to discern the fantasy in Bernie Madoff’s Ponzi scheme, simply from the corruption and irregularities evident in his vaunted golf game that put on clear display the deficiencies in his trustworthiness.

The second was the sadly typical reaction of a public company audit committee I experienced, who in the search for a new CFO were gulled by the plea of an applicant with a checkered past, that he had paid his dues to society and was entitled to a fresh start. The extent of their enhanced oversight was limited to the gauzy phrase, “just keep the kid away from the cash” – an approach that quickly came to grief amid the company’s financial collapse driven by pervasive executive criminality.

Generosity of spirit can be a guide down paths of empathy for the plight of wrong-doers, to be sure. Confession and penance and forgiveness have their place in a caring world – perhaps best achieved through support for the emotions and the spirit. At the same time, investors of their own funds and those with responsibility for the safe-guarding of the funds of others – whether corporate assets or endowment funds or the Sunday collection basket – need to separate sentiment and magnanimity from their own exposure and liability.

And this is especially true, when the providers of forensic services in financial fraud detection and prevention continue to be unable to parse the behavioral traits of “large” executive figures – over-sized ego, seductive personality, unwillingness to accept criticism, dissent or bad news – to differentiate between those deserving elevation to pedestals of iconic success, and those bound for or at least deserving of indictment and incarceration.

The Madoff investors did not lack for alternatives – the sleepy audit committee had a portfolio of applications – and the roster of hedge fund managers is fully populated – without resort to those whose prior records should invoke a very simple principle:

“Fool me once – shame on you – but….”

It being said that predictions are notoriously hard, especially about the future, it would not be a great surprise if, some few years hence, there is cause to re-visit the financial fortune-tellings of Messrs. Corzine and Cohen.

Thanks for joining this dialog. Please share with friends and colleagues. Comments and feedback are invited and welcome, and subscription sign-up is easy and free – both on the Main page.

March 01, 2017

This space will not use the name of the PwC partner who re-wrote the Best Picture finale of the February 26 Academy Awards ceremonies by handing the wrong envelope to Warren Beatty. That poor bastard is going through enough, and no good is served by giving the search engine voyeurs any further satisfaction.

History’s list is lengthy of accomplished, good-faith professionals whose extended records of success are instantly dissolved into public notoriety:

Dodger pitcher Ralph Branca became defined by Bobby Thompson’s walk-off home run, the “shot heard ‘round the world,” as the Giants won the 1951 National League play-off.

Mercury astronaut Gus Grissom was saddled thereafter with the loss of Liberty Bell on July 21, 1961 -- flooded and sunk when the explosive hatch bolts blew on landing.

Age 19, Fred Merkle became forever “Bonehead” for his failure to tag second base and the Giants’ resulting loss to the Cubs on September 23, 1908.

Aviator Douglas Corrigan may well have been deliberate in his 1938 solo flight from Brooklyn to Ireland, but the sobriquet “Wrongway” was applied and stuck.

Up through the ranks, a twenty-year partner with firm-wide leadership at PwC – now to be known as the guy who had an inopportune Twitter moment. It is seriously unfortunate that if past patterns hold, his career clock is ticking -- nor would it be a great surprise if he were shortly to crawl under the team bus rather than wait at risk of being thrown there.

Unfortunate, because the meticulous methodology by which PwC has for decades gathered and counted and protected the identity of the Oscar winners – including the ego-boost of blinging up and marching the briefcases down the glamorous red carpet -- was wholly irrelevant in the few seconds that demonstrated once again that any system designed and run by fallible human beings has a non-zero chance of catastrophic failure.

Which means that – whatever his own conduct -- the potential for failure was inherent and unsolved at the firm’s level of design and execution.

Behavioral psychologists going back to the pioneering work of Daniel Kahneman and Amos Tversky in the 1970s have laid out the necessity of failure-mitigating techniques to deal specifically with the human factor – mainly by acknowledging explicitly and dealing with the inevitability of sub-optimal individual actions.

As the students in my class in Risk Management could design as a classroom exercise – the unmanaged risk of an envelope switch starts with the basic failure to recognize that the messenger should be prevented from access to more than one at a time.

“Take the one correct envelope in hand, and pass it to the ageing and near-sighted former movie idol” – who by the way was demonstrably useless as a fail-safe or means of quality control.

For which, secure and control each last-used envelope, before moving on to the next award. Get both copies out of reach and out of harm’s way. Keep the courier from touching any but the next one in the queue -- perhaps clamping a controlling minder to his elbow off-stage.

Business and industrial processes provide examples of such safety checks – physical distance between machinery switches, forcing an operator to take two separate actions to activate a hydraulic press or a cutting tool; “dead-man” cut-offs to disable a run-away vehicle; assembly lines and hospital surgeries and nuclear missile silos with dual controls to prevent a solo mishap.

Withal, there may be three sources of comfort for PwC’s sorry point man in this firm-based debacle:

First, because the delivery of audit services to the world’s large companies is completely dominated by the Big Four -- among which, with their 2016 global revenues either side of $ 36 billion, PwC vies with Deloitte as the largest -- the likelihood of negative, reputation-driven impact is constrained by the absence of client choice. And as PwC’s threatening exposures are paralleled among both the other Big Three and their smaller colleagues, that would caution against any exercise of competitive schandenfreude. In other words, to those actually choosing among the cartel of providers, the Oscars fubar is already old news.

Second, the leader of PwC’s engagement for the Academy would not be listed on the PCAOB’s new Form AP, which identifies lead partners only on the audits of US public companies.

That exercise, in its first year, is of no use in spotting potential performance issues with large-firm personnel other than the lead partner – both because of the mobility of partners among various functions and also because of the team nature of large-company engagements – and so has yet to demonstrate any value.

And third, in any event, enjoying the handsome returns of a senior partner, when average annual Big Four partner profits are running well above $ 1 million, should cushion whatever personal impact may be imposed by the lifetime label, “Moonlight.”

Thanks for joining this dialog. Please share with friends and colleagues. Comments are solicited and welcome, and subscription sign-up is easy and free, both at the Main page.

November 04, 2014

It was my pleasure this week to write this guest post for my friend in London, Anthony Fitzsimmons, the Chairman of Reputability -- the UK consultancy firm that educates and instructs corporate boards and senior leaders on behavioral, organizational and reputational risks. It is posted on their blog here, and in full below.

Three immediate predictions were available, when British food retailer Tesco announced in September that its first-half profits were over-stated by some £ 250 million, because of irregular accounting for supplier discounts and rebates:

The number would grow.

The affected time period would extend.

The four company executives promptly suspended would soon be joined by others.

The casualty count of suspended executives is up to eight, plus the announced resignation of chairman Sir Richard Broadbent.

And as shouted yet again, by the Financial Times, no less – “Where were the auditors?”

It’s the same hue and cry that has been raised with every outbreak of serious financial scandal since independent audit was invented in the Victorian era.

The business, legal and regulatory structure under which the Big Four accounting tetrapoly – Deloitte, EY, KPMG and PwC -- provides statutory assurance on the financial statements of the world’s large companies – the model of Big Audit – remains firmly in place. But with much current exploration of corporate governance and board effectiveness, the notion of “auditor effectiveness” faces this fundamental question:

Is the traditional form of audit assurance – a “true and fair view,” or its American cognate, “fairly presented in all material respects” – fit for purpose, if it only works generally well, most of the time – up to the point, as in Tesco, when it seems not to work at all?

Lessons from my graduate-level business and law school course in Risk Management and Decision-Making are useful, going to the very nature of the core expectations and limitations of Big Audit, at levels deeper than have been plumbed to date.

Recent progress on the subject of corporate risk has been considerable -- chiefly on the company side of the complex relationships among issuers of financial information, the communities of information users both inside and outside those companies, and the auditors themselves – to identify such systemic threats as risk blindness, ambiguous leadership attitudes about ethos and culture, defects in communications, and skewed performance and compensation incentives.

Behavioural scholarship suggests that these concerns are no less present in the audit function – with its execution dependent on the behavioural limitations of fallible human beings. Which in turn suggests that, if deeper insights into the causes of financial failures were credibly brought forward into the standards and practices of Big Audit, progress might be made in areas that have long defied improvement.

That is – forty years of research have identified sources of bias that are hard-wired into our human DNA, because of which they are pervasive, inevitable and unavoidable. These are shared along with the rest of humanity by auditors who are no better genetically designed or equipped than anyone else to address them. As an effect or consequence, they work to suppress the exercise of professional skepticism, to inhibit the delivery of negative or critical messages and, conversely, to default in favor of confident agreement with management’s upbeat assertions.

Inquiry quickly goes beneath the customary charge that auditors are incentivized to accommodate long-standing clients – a facile assertion yet to be supported by anything like credible research or evidence. Examples among the catalog of broadly-observable instinctive and dangerous shortcuts -- “heuristics,” to use the term explored since the 1970s by, e.g., Nobel economics prize-winner Daniel Kahneman and his late lamented research partner Amos Tversky -- are:

Confirmation bias: The readiness to accept that premises are valid as presented, rather than do the harder work of seeking out and evaluating disaffirming or contrary evidence – in the audit context, the too-ready willingness to agree with submissions and judgments of management.

Over-Confidence: Good news is simply preferred over bad; as John F. Kennedy quoted the Duke of Wellington, “Victory has a thousand fathers; defeat is an orphan.” So too, a bullish quarterly earnings estimate or a Goldilocks reserve calculation will be preferred over the pessimistic alternatives.

Representativeness: Giving credence to that which is familiar and ready to hand – e.g., “this year’s results look much like last year’s – so the trends and estimates can be taken as acceptable.”

Herding and Groupthink: The convergence of individual conclusions with those of the group, especially as led from the top – influenced, for example, by pressures from peers or superiors of time, budget, and engagement evaluations – perniciously seen in the message unsubtly conveyed to junior staff, that “If you raise a problem, then you become the problem!”

From the persistent ubiquity of these influences it would follow – and the regular recurrence of financial irregularities over the decades would confirm – that Big Audit as now designed and performed is of seriously diminished value and effectiveness.

But, with the auditors apparently fated to operate under seemingly universal human behavioural constraints, it is not either necessary or helpful to demonize them by ascribing either malign intent or corrupt motives.

If they are instead doing as well as their human limitations allow, even if not to the level of expected systemic satisfaction, then whole conferences and symposia should be convened, to design and explore the application of new tools and approaches, and to bring these limitations out from the academic shadows into the realms of daily inter-actions among the auditors, their clients, users and the regulators.

In other words, auditors may very well be able to bring their competence and expertise to bear on issues of real importance. But not while they – and all the other players involved in Big Audit – are shackled to a model that demonstrably fails to allow for the ever-present and increasingly well-recognized frailty of human beings – a group that (sometimes reluctantly acknowledged) does include the auditors.

Thanks for joining this dialog. Please share with friends and colleagues. Comments are solicited and welcome, and subscription sign-up is easy and free, both at the Main page.

September 29, 2014

The modern story of Alibaba Group Holding Limited (NYSE: BABA) may be just as “fabulous” as the ancient Persian version in the 1001 Nights (for which, see Burton’s colorful if quaint 1886 translation).

In what ways?

It makes for quite a tale: launched by a school teacher with $ 4000 – explosive growth – reported yearly revenue now $ 5.55 billion – potential as limitless as that of the combined Chinese consumer and business economies on which it feeds.

As a regular part of my graduate-level course in Risk Management, we examine how language can be manipulative or revealing – how names and labels can mis-lead or inform.

Why is it clichéd nonsense, for example, that “Even a broken clock is right twice a day”? How reliable is the maxim, “Buy on the dips”? What is the best reaction to “This time it’s different”?

So the public reaction is interesting to Alibaba’s initial public offering – Jack Ma’s globe-spanning sales tour, the company’s early closure of its order book, the offering price raised to $ 68, and the first-day price pop to $ 92.70 on September 18. With the underwriters’ exercise of their “green shoe” option to sell extra shares, Alibaba raised $ 25 billion and became the largest IPO in history.

All in the face of such darker elements of the “fable” as:

A governance structure that captures and traps investor equity by lodging control in a circle of insiders.

An opaque business model based in the Cayman Islands, operating through a network of separate businesses in the hands of Mr. Ma and his coterie.

A home country distinguished by its resistance to corporate or regulatory visibility – see both the decade-long auditor inspection impotence of the PCAOB and the teeth-gnashing enforcement attempts at work-paper access by the securities regulators of both the US and Hong Kong – and a history of exporting financial chicanery into the world’s capital markets – see the major Canadian regulatory and civil litigation settlements related to Sino-Forest Corp., and the rash of dubious reverse mergers of Chinese companies into partners listed in other markets.

History provides casebook examples of revealing terminology that might have alerted the sharp-eyed, but missed in the credulous buy-in of investors and gate-keepers to the stories of the flim-flam artists:

At Parmalat, the recording of bogus transactions in an account called the “buco nero” might have been suggestive – the Italian equivalent of “black hole” not being immediately obvious for its legitimacy.

A high-tech company in Silicon Valley engaged in that industry’s all-too-familiar practice of recording revenue on transactions not completed at year-end, keeping a separate ledger called the “oven list” – jargon for “half-baked” but booked early nevertheless.

With a thesaurus full of kinder and gentler terms available, Enron’s use of special purpose vehicles denominated the “Raptors” might, for the curious, have suggested their predatory nature and raised the question, “Just who is the prey?”

As for Alibaba – which in its first trading week failed on any day to close above its opening price – there is more to compare with the old story than the image of an open-faced and humble wood-cutter, who by alert if simple eaves-dropping heard the magic phrase that opened the cave of the forty thieves.

As that version played out, AliBaba first concealed and disguised the thieves’ murder of his avaricious brother. And after the dead man’s cold-blooded slave girl had boiled in oil the thieves who came for revenge, and then knifed their chieftain while he sat as AliBaba’s guest at dinner, this superficially callow and guileless peasant looted their treasure trove for the life-time enrichment of himself and his family circle.

Not exactly a model for hospitality, openness or transparency.

So – for the huge herd of investors who rushed to buy Alibaba’s sizzle – in heedless disregard of the quality or even the existence of the steak – the future will soon tell whether, in their collective enthusiasm, they blinked and missed the unsubtle message in Jack Ma’s audacious branding choice.

Thanks for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription sign-up is easy and free, both at the Main page.

May 29, 2014

If there can be a fifty-million-euro laughingstock, it must be Guillaume Pepy, the poor head of the SNCF, the French railway system, who was obliged on May 21, 2014, to fess up to the problem with its € 15 billion order for 1860 new trains—the discovery after their fabrication that the upgraded models were a few critical centimeters too wide to pass through many of the country’s train platforms.

Owing evidently to unchecked reliance on the width specifications for recent installations, rather than actual measurement of the thirteen hundred older and narrower platforms, the error is under contrite remediation through the nation-wide task of grinding down the old platform edges.

That would be the good news – the bad being that since the nasty and thankless fix is doubtless falling to the great cohort of under-utilized public workers who so burden the sickly French economy, correction of the SNCF’s buffoonish error will do nothing by way of new job creation to reduce the nation’s grinding rate of unemployment.

The whole fiasco raises the compelling question for performance quality evaluation and control – “How can you hope to improve, if you’re unable to tell whether you’re good or not?”

This very question is being reprised in Washington, where the American audit regulator, the Public Company Accounting Oversight Board, is grilling the auditors of large public companies over their obligations to assess the internal financial reporting controls of their audit clients.

As quoted on May 20 in a speech to Compliance Week 2014, PCAOB member Jay Hanson – while conceding that the audit firms have made progress in identifying and testing client controls -- pressed a remaining issue: how well the auditors “assess whether the control operated at a level of precision that would detect a material misstatement…. Effectively, the question is ‘does the control work?’ That’s a tough question to answer.”[1]

So framed, the question is more than “tough.” It is fundamentally unanswerable – presenting an existential problem and, unless revised, having potential for on-going regulatory mischief if enforced in those terms by the agency staff.

That’s because whether a control actually “works” or not can only be referable to the past, and cannot speak to future conditions that may well be different. That is, no matter how effectively fit for purpose any control may have appeared, over any length of time, any assertion about its future function is at best contingent: perhaps owing as much to luck as to design -- simply not being designed for evolved future conditions -- or perhaps not yet having incurred the systemic stresses that would defeat it.

Examples are both legion and unsettling:

The safety measures on the Titanic were thought to represent both the best of marine engineering and full compliance with all applicable regulations, right up to the iceberg encounter.

A recovering alcoholic or a dieter may be observably controlled, under disciplined compliance with the meeting schedule of AA or WeightWatchers – but the observation is always subject to a possible shock or temptation that would hurl him off the wagon, however long his ride.

The blithe users of the Value-At-Risk models, for the portfolios of collateralized sub-prime mortgage derivatives that fueled the financial spiral of 2007-2008, scorned the notion of dysfunctional controls – nowhere better displayed than by the feckless Chuck Prince of Citibank, who said in July 2007 that, “As long as the music is playing, you’ve got to get up and dance… We’re still dancing.”

Most recently, nothing in the intensity of the risk management oversight and reams of box-ticking at Bank of America proved satisfactory to prevent the capital requirement mis-calculation in April 2014 that inflicted a regulatory shortfall of $ 4 billion.

Hanson is in a position to continue his record of seeking improved thinking at the PCAOB -- quite rightly calling out his own agency, for example, on the ambiguous and unhelpful nature of its definition of “audit failure.”

One challenge for Hanson and his PCAOB colleagues on the measurement of control effectiveness, then, would be the mis-leading temptation to rely on “input” measures to reach a conclusion on effectiveness:

To the contrary, claimed success in crime-fighting is not validated by the number of additional police officers deployed to the streets.

Nor is air travel safety appropriately measured by the number of passengers screened or pen-knives confiscated.

Neither will any number of auditor observations of past company performance support a conclusive determination that a given control system will be robust under future conditions.

So while Hanson credits the audit firms – “They’ve all made good progress in identifying the problem” -- he goes too far with the chastisement that “closing the loop on it is something many firms are struggling with.”

Well they would struggle – because they’re not dealing with a “loop.” Instead it’s an endless road to an unknown future. Realistic re-calibration is in order of the extent to which the auditors can point the way.

Thanks for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription sign-up is easy and free, both on the Main page.

December 30, 2012

While bidding
farewell to the old year and welcoming the new, this Christmas Eve story out of Canada should not be lost in the holiday news cycle:

“Over a one-year period during 2011 and ’12,
some 6 million gallons of maple syrup – about $ 18 million worth – were stolen
from the ‘strategic maple syrup reserve’ controlled by the Federation of Quebec
Maple Syrup Producers (FPAQ)…. Last week, three men were arrested in connection
with the heist.”

The Mounties have
ridden to the rescue, the arrest total reportedly has reached 18, and weightier issues can now be on the table
than a supply threat to the breakfast calorie count. Namely:

Producers around
the world closely protect their strategic assets – whether Middle Eastern petroleum
(OPEC), Japanese agricultural products (Nokyo), Colombian narcotics (Cali and
Medellin) or American professional football and basketball players (NCAA). So it
should not be surprising that the question is debated about Quebec, why our typically mild-mannered northern cousins
maintain a government-run cartel to promote market stability in the supply and
pricing of gourmet pancake toppings.

A better question,
though, is just how fully one-quarter of the national stock – the equivalent of
16,000 barrels of syrup – could have been siphoned out of
a warehouse described in the FPAQ’s own press release
as “secured by a fence and locks, and visited regularly.”

The question must
inevitably be asked, in short, “Where were the gate-keepers?”

Fortunately for the
appetites of the world’s luxury crepe-and-candy consumers, the thieves were
undone because they chose the hard way, working their felonious little scheme
on the liquid commodity itself. Their sticky footprints left a trail, because to monetize their scheme required a disposition
infrastructure – trucks and warehousing, a processing facility in
neighboring New Brunswick and a sales pipeline through which to channel their
slippery merchandise into the sweets-addicted US market.

In this, they
suffered the detection risks of scams like that of India’s Satyam in 2009 –
where maintaining a roster of 13,000 phony employees would arouse the curious
to wonder about the absence of ancillary evidence – the ghost workers’
non-existent desks, telephones and withholdings and remittances for health care
and benefits.

Simpler, harder to
detect and far less messy, would have been the time-honored creation of
inventory that was fraudulent and fictitious from the outset. Consider these
classics:

The
great Salad Oil Scandal of 1968, by which Tino DeAngelis floated only enough
vegetable oil on bulk tanks of water to fool auditors who looked and tasted
from the top rather than tapping the tanks at the bottom.

Equity
Funding in 1970’s Los Angeles, with over-stated death benefit liabilities under
fictitious life insurance policies turned into cash through a Ponzi scheme of
cessions to reinsurers.

The
South American coffee shipper, showing tons of stock on its balance sheet and
available for collateralized borrowings, in reality comprising only camouflaged
piles of sand under thin layers of beans.

Over-stated
Texas cattle herds, sold to unwary urban tax-shelter buyers – it being no great
trick to run the same calves repeatedly through a maze of corrals, past the
clip-boards of credulous city slickers unwilling to dirty their suits to
exercise the control of chalk-marking the forehead of each passing animal.

Or the
related German scheme by which a fleet of trucks was over-counted in their
repair sheds by auditors distracted from the back parking lots, where the
vehicles were re-cycled by simply switching their license plates and dashboard
bar codes.

The examples are as
endless as the ingenuity of the criminal mind. Had the light-fingered Canadians
only thought through the vulnerabilities of their targeted provincial cartel’s
control system, they’d have kept their hands far cleaner while moving phony
paper rather than hot syrup.

And they’d have
made their illegal fortune while avoiding not just the brown sticky stuff, but what
will now be extended stays in government custody, where the pancakes in the prison
cafeteria will not be flavored with so much as a drop of down-market Aunt
Jemima’s.

Happy New Year to all. Thanks for joining
this dialog. Please share with friends and colleagues. Comments are welcome,
and subscription sign-up is easy and free, both at the Main page.

An A-list of
participants from major companies and consultancies will be there. Those with
professional or academic interest are invited – program details and enrolment
information are here.

I have the pleasure
of bringing my perspectives on risk management, litigation and disputes to a
great panel, “Effective Trust Repair,”
led by Charlie Green (for whom, seeTrusted
Advisor Associates and his
blog, Trust Matters).

With the quality of
gathered credentials and experience, the discussions will be seriously
substantive – with more nuance and value than the sometime platitudinous
slide-decks of the typical Trust-Building
101 curricula.

Because a forum of
this sophistication can dig far beyond the “easy stuff,” we expect to probe some
of the conventional attitudes. Three such topics are sketched below -- in no
more than the possible appetizer-sized portions.

“Trust Survival” May Be the
Best There Is

Run-of-the-mill literature
on trust in business strongly features its preservation and maintenance. But
take note: when corporate times are rosy, the language of trust gets subsumed
within the overall anodyne vocabulary of feel-good success.

And after the fact
of a disaster, it’s too late.

At the only time it
truly matters – when an enterprise faces existential crisis –– continuity of
trust is at best a problem of second-order importance. And the small circle
making life-and-death decisions -- those directly reporting to the chairman or
the CEO –- are the only people with real influence.

Examples:

As
Arthur Andersen spiraled into disintegration in 2002, it was the peeling away
of partners, clients and its non-US firms – trust was implicated, to be sure,
but at stake was the immediate impact on the firm’s very viability.

At MF
Global last fall, Jon Corzine would have cared less for the preservation of
customer or counter-party trust, when what really mattered was a Hail Mary scramble
for survival that turned into $ 1.6 billion in missing customer funds.

And at
Knight Capital over the weekend of last August 4-5, virtuous concerns for
trustworthiness, following the $ 440 million loss inflicted by a trading
software glitch the week before, would have been subordinated to the search for
friendly rescuers – surrendering ownership to investors prepared to salvage the
firm’s ability to open for business that Monday.

Only if the
enterprise survives, in other words, do the re-builders of trust have a chance
at an invitation to the table.

And even then,
trust-related advisors in a post-breakdown environment risk relegation to the
same role as the medieval camp-followers after battle – executing the wounded
and looting the corpses.

“Trust Building” May Not
Always Really Matter

The constraints of
a cartel or the impositions of regulation affect whether trust in business is
relevant at all.

Nobody loves the indifferent
service of the local cable company or the lock-step piracy of the neighborhood
filling stations. But subscription and consumption continue.

As Michael Corleone
was reminded by Frankie, the disaffected mob soldier in The Godfather II (1974), “Your father did business with Hyman Roth.
Your father respected Hyman Roth. But your father never trusted Hyman
Roth.”

Bond offerings
require ratings, despite the agencies’ consistent behind-the-curve performance
during times of crisis, from the savings-and-loans of the 1980’s to the
subprime mortgage and sovereign debt calamities of this decade. Audit reports
are required by law on the financial statements of public companies, despite
manifest dissatisfaction with their content or their usefulness to readers.

The result in these
contexts is narrowed relationships and skeptical doubts about value. Notions of
“trust” are conspicuously absent from the dialog.

“Trust Repair” May Be
Non-Strategic

Finally, when
business trust is broken, and a supplicant comes around to plead for another
chance, symmetry requires a response by those asked to re-affirm their faith.
What conditions should apply?

In other words,
“fool me once…” – and then what?

Consider the
frequency with which a large-scale fraudster gives early signals of his
corruption – Bernie Madoff’s unbelievable golf scores evidenced his flim-flam. Or even confirms,
like the recently re-jailed Barry Minkow of ZZZZ Best, the overwhelming rate of
recidivism among white-collar criminals.

What combination of
sentiment and compassion, or venality and credulity, blinds the risk processes
of those charged as fiduciaries for their stakeholders, such that the
victimizations continue?

Salience does enter
in, of course. A single disappointing meal at a favorite restaurant should not
kill its reputation, nor an explicable one-time lapse in service by a supplier
or payment by a customer. Some tolerance is required, for the inevitable
breakdowns that inhere in complex systems of human design.

But while
repentance and forgiveness have their place in a caring society, prudent risk
management counsels against re-admitting a known fox for a return visit to the
henhouse.

These are among the
complex issues, and they have no simple answers. Reactions here are invited and
encouraged. And those able to extend the discussion in New York on October 2
are most welcome.

Thanks for joining this dialog. Please share
with friends and colleagues. Comments are welcome, and subscription sign-up is
easy and free, both at the Main
page.

August 07, 2012

It has not been difficult, through this summer of discontent and turmoil in the world’s financial markets, to ignore with enthusiasm the comprehensively vacuous observations of the tenth anniversary of the Sarbanes-Oxley law.

Readers will recall my long-held skepticism about that knee-jerk post-Enron exercise, going back to my July 20, 2002 observation in the International Herald Tribune about the preliminary Senate vote, that “any legislation receiving the bipartisan margin of 97-0 is bound to be fundamentally defective.”

Nor has the decade horribilis given any reason to change.

Of the smug and fatuous self-congratulations of the bill’s eponymous sponsors (webcast on July 30, 2012), the less said the better. As the English essayist Charles Lamb wrote about a blame-worthy poetic effort:

“It would be an insult to my readers’ understandings to attempt anything like a criticism on this farrago of false thoughts and nonsense.”[1]

Rather, some unasked questions should be advanced.

Regarding the self-interested back-patting of those with careers to be served by the inflictions of Sarbox –- the PCAOB’s members and staff and the spokesmen for the accounting oligopoly dependent on its compliance revenue:

“Would the elves in Santa Claus’s toy shop be expected to vote against Christmas?”

As for those purporting to see some claim of benefit, yet propounding no solutions to the continued eruptions of financial chicanery (here, here and here), the challenge remains that the cyclical nature of market bubbles makes inevitable a post-scandal period of cleansing and temporary return to virtue – political dynamics notwithstanding.

Put another way, the storm of both scandal and outrage after Enron and WorldCom was bound to clear, no matter what. So instead of the wrong question, whether post-Enron corporate behavior is now improved, under both the Sarbanes-Oxley law and the law of unintended consequences, the proper operative question should be:

“Would financial reporting and assurance not be better if Sarbanes-Oxley had not been passed at all?”

First, American law since 1934 has pronounced it illegal to make false statements in connection with the purchase or sale of securities. So – as confirmed by the absence of prosecutions under the redundant Sarbox requirements for executive certifications of financial results (summarized by Michael Rapaport and Francine McKenna) -- that exercise has from the outset never been more than optics and cosmetics.

Second, a decade of PCAOB intrusion into the relationships between auditors and clients has engulfed the corporate reporting process in cost, paperwork and degradation of the assurance function (here and here) – while, into the bargain, failing either to advance coordinated global-scale assurance regulation and oversight in most of the world’s major capital markets (here) or to prevent (among others) the wave of securities malfeasance of off-shore origin, notably from China.

Third, as to the law’s centerpiece obligations on internal controls reporting and assurance, it was always true, even pre-Sarbox, that most decently-controlled companies would do reasonably well on compliance, most of the time – while a parade of horribles since then has made it clear that, for reasons of scope limitation or plain enforcement dysfunction, the law has been ineffectual against the rare but all-too-frequent and truly consequential cases.

A brief post-Sarbox sampler illustrates that – as generally true of large-scale challenges to risk identification and management -- it is the “outlier” cases that really matter:

The control failures that brought down Bear Stearns and Lehman Brothers

The “buco nero” at Parmalat and the ghost employees at Satyam

The in-house looting by the chief financial officers of Koss in Milwaukee and the city of Dixon Illinois

The valuation fantasies behind the window-dressing at Fannie Mae and Freddie Mac

The incentives-driven perversions in the mortgage businesses models of Washington Mutual, Countrywide and New Century

The derivatives and trading fiascos at UBS, JP Morgan Chase, MF Global and now Knight Capital

What then is the purpose of law-making? Sarbanes-Oxley has manifestly not ameliorated the flaws persistent in the nation’s corporate reporting and assurance structures -- then of what use or benefit has it been?

And, if only the mis-leading politically-motivated placebo that it appears, what more should be expected both of our elected representatives and of those aspiring to hold them to account?

Thanks for joining this dialog. Please share with friends and colleagues. Comments are always welcome, and subscription sign-up is easy and free, both at the Main page.

May 17, 2012

The revelation of a $ 53 million embezzlement by the treasurer and comptroller of the city of Dixon Illinois – home of the 40th American president – once again brings this to the fore:

“Why are the accountants still so bewildered that there should be an ‘expectations gap’?”

According to her criminal indictment released on May 1, Rita Crundwell went undetected since 1990 in accumulating all the appurtenances of a life of rural luxury – not only the typical clothing and jewelry, but trucks and trailers, Liberty Coach motor home and Ford Thunderbird convertible -- all supporting her sideline prominence in the boots-and-bling world of quarterhorse breeders (here).

Extractions of that magnitude, from the coffers of a city with an annual budget of only $ 8 to $ 9 million, might have required her full-time devotion to shoveling the cash with both hands. But the self-efficient Ms. Crundwell did not scruple to observe four full weeks of paid vacation each year, and was evidently only caught out when she extended her absence to an additional twelve weeks.

Separation of employees’ duties? Back-up authority that someone else should glance at the city’s checkbook? Allowing her family members to pick up the city’s mail while she was on her holidays? Could the demands of minding the city’s affairs be so simple, naive and blasé, even in the exurban Midwest?

As for the expected queries (here and here) – what about the gatekeepers at the corral?

A large regional accounting firm is reported to have done compilation services for the city since 2006, having done audits in prior years.[1] But the distinction has so far not been explored.

Which, borrowing a metaphor from Ms. Crundwell’s expensive equestrian hobby, is to beat a sad and very dead horse. Because, as the professionals are in the process of learning to their sorrow, simple proximity and association are enough to attract whole worlds of grief.

The International Auditing and Assurance Standards Board – source of auditing standards on a global basis – on March 16 issued a new version of guidance on the performance of compilations:

"Since a compilation engagement is not an assurance engagement, a compilation engagement does not require the practitioner to verify the accuracy or completeness of the information provided by management for the compilation, or otherwise to gather evidence to express an audit opinion or a review conclusion on the preparation of the financial information."

The IAASB also speaks to the intended use of compiled financial statements, however, posing the question whether:

"External parties other than the intended users of the compiled financial information are likely to associate the practitioner with the financial information, and there is a risk that the level of the practitioner’s involvement with the information may be misunderstood …"

What the IAASB does not offer – understandably, considering the many settings in which full-blown audits are not worth the cost or effort involved – is aide to either the profession or the user community on a necessary risk-based inquiry:

“Just because a service can be done, does it make any sense and should it be done?”

The accounting profession, mistakenly relying on disclosure of the limits on what a compilation report does or does not say, has traditionally looked on that work as low risk – which it mostly is. But consider the environment, and the typical level and quality of competence, governance and integrity in municipal government. What level of confidence should with safety be routinely reposed in those entrusted with management of a small city’s financial resources?

A typical compilation report – while offering no opinion – does recite that the accountant has performed with appropriate skill, ethics and the exercise of appropriate professional judgment. But that is all it takes to get burned.

I have tried to get across, both to my students in Risk Management and to my friends and clients in the profession, that for one caught holding an empty gasoline can, while standing next to a suspicious conflagration, it is not easy to avoid suspicion of arson. The explanation goes down hard, that the container was an innocent impulse purchase at the local hardware store.

As both an exercise for law and business students, and a message in the real world: there is no harm in not wearing a seatbelt, most of the time – or in not locking the barn door. Except for the rare time when it isn’t okay – and then it really matters. A long record of “being lucky” or a history of “getting by” counts for nothing when a bad event exposes the devastation wrought by casual habits.

How accountable the good townsfolk of Dixon will hold their city fathers for the quality of their stewardship – and whatever the exit cost may ultimately be, for a blinkered exercise in the assessment of risk and exposure to Crundwell’s plundering – it is once more made crystal clear that the accounting profession continues to market services that are under-comprehended and over-sold.

Thanks for joining this dialogue. Comments are welcome, and subscription is easy and free, both at the Main page.

[1] My requests to the firm’s media contact for an opportunity to converse have not been answered.

February 14, 2012

If the essence of strategic decision-making lies in the assessment of potential rewards under uncertain conditions, whole seminars can be taken from the last minute of this year’s Super Bowl between the New York Giants and the Boston Patriots.

For extra flavor and pedagogic potential, both coaches in this 46th edition of America’s great sporting spectacle had to make choices that ran against their deepest, aggressive go-for-broke instincts.

Trailing by two points on the Boston six-yard line, Giants coach Tom Coughlin could come from behind and win with a chip-shot field goal – a high-odds likelihood but never a certainty. So to keep the ball out of the hands of dangerous Boston quarterback Tom Brady, his interest was not an attempted touchdown – but to stay out of the end zone and run the clock near zero before what would be the winning kick.

Whereas, having no chance to win without his offense on the field, Boston coach Bill Belichick’s defense had to allow the Giants a quick touchdown to have any last-minute hope.

The play itself was surreal. Giants running back Ahmad Bradshaw, offered a clear path by the Boston defense, drove for the end zone with all the DNA of his entire playing history – realized his error and tried to stop short – but failed to halt his momentum, stumbling awkwardly for a bizarre and unintended score.

At that point, the decision-theory exercise was complete. The game’s final outcome was then only interesting from the perspective of one of the largest-ever audiences of actual football fans.

As frequently the case, the ultimate outcome did not undercut the validity of either strategy – to which it was equally irrelevant that Boston was unable to score in their last remaining drive, or that the Giants snatched a victory despite Bradshaw’s gaffe.

In other words: Coughlin had the right idea, but his player failed to execute – and he still won the game. Belichick was no less canny, and got precisely his desired result – only to see Brady’s final drive fall short.

As my students in Risk Management come to grasp, it is not just the balance of success or failure of competing alternatives, but the magnitude of the consequences in either direction: a multi-dimensional decision calculus weighs both a huge potential benefit against a modest chance of loss, but also a likely but small upside against an unlikely but possible catastrophe.

Examples run from the deeply personal, through all aspects of commercial and professional behavior, to the highest levels of governmental policy-setting:

To the feckless Francesco Schettino, captain of the stricken Costa Concordia, the frisson of a near-shore detour overcame his judgment as to the hazard that his ship would land on the rocks.

To MF Global’s Jon Corzine, now-fallen former master of the universe, the desperate gamble to save his enterprise made it worth raiding the accounts of his customers.

To central bankers confronting the potential collapse of, say, a General Motors or an AIG or the sovereign debt of a Greece or an Ireland, the ability to quantify and evaluate the “success” of a bailout must include complex and uncertain consequences, economy-wide, of both action and inaction.

The choice-making architecture in all of these – from the football field to the captain’s bridge to the bankers’ boardrooms – traces back to the proposition posed by the 17th century French mathematician and philosopher Blaise Pascal, on how the rational man should wager on the existence of a benevolent god:

There is no downside to affirmative belief, which if ultimately correct gains an eternity of heavenly reward – whereas to doubt has no immediate benefit but if proved wrong carries the punishment of eternal damnation by an angry diety.

It’s getting the downsides properly evaluated that is often the hardest, as I have written elsewhere. Belichick was challenged, because to allow an opponent’s unimpeded score went against the competitive grain – unappealing, but less consequential than the likely prospect of a Giants winning field goal.

Fortunately for Coughlin, on the other hand, his choice had an inbuilt hedge – the undesirable touchdown gave him a four-point margin, putting back on Boston the higher burden of driving the field, within an NFL minute, to answer in kind.

As for Captain Schettino or Mr. Corzine or the world’s purported financial wizards – however sincere their various professions of hindsight regret might be – only the bright sunshine of prosecutions or public inquiry will shed light on the extent to which they were remotely conscious of the potentially catastrophic results of their choices.

Thanks for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription is easy and free, both at the Main page.

January 25, 2012

Cause for concern are reports that European air safety officials have ordered inspections of cracks in the mounting brackets that attach the wings of the Airbus A380 – already a plane with a long history of delays, design issues and cost over-runs.

And if the bland assurances being spun by the manufacturer’s publicists – that “the cracking problem … is not a safety risk in the short- to medium-term” – reflect the company’s risk assessment attitude, then a suppressed but potential catastrophe is a matter of time – a mid-air disintegration with massive casualties and the subsequent grounding of an entire discredited fleet.

I am just winding up a month-long Risk Management teaching engagement, migrating an MBA-level curriculum to a class of undergraduates.[1]

Some recalibration has been involved. At the graduate level of business and law students, our focus is on the broken models and ineffective risk processes that have characterized the worlds of finance and banking, insurance, accountancy and professional services, over the years of the credit crisis. These run through the period -- from the collapse of Bear Stearns to that of MF Global; from rogue trader Jérôme Kerviel at Société Générale to his UBS counterpart, Kweku Adoboli; from the corruption of the American subprime mortgage market to that of Japanese corporate governance at Olympus.

Younger students stay with the basics – the human behaviors by which incentives are skewed, failures are rationalized away, and incipient disasters are hidden under the mistaken illogic that safety and soundness can be inferred, only because a breakdown “hasn’t happened yet.”

The discovery of cracks in the “rib feet” of the A380s presents a long-familiar challenge: what response is proper to the emergent symptoms of a potentially devastating event?

It is all too natural to put up an optimistic face – to admire success and to wish away the language of bad news. But the consequences can be dire:

The late Steve Jobs may well have paid with his life for his denial-based postponement in treating his pancreatic cancer.

The Italian liner Costa Concordia would most likely be cruising in comfort, rather than lying as a hulking wreck, had the supervisors tracking its earlier near-shore wanderings acted on the ready GPS data revealing the captain’s record of reckless behavior.

And the signs of corruption in Bernie Madoff’s Ponzi operation were well within view, both to the SEC and to his investors, had they not chosen to turn blind eyes to the readily apparent.

Historical memory is hard to hold, especially where corporate budgets and profits and bonus payments depend on the wishful avoidance of delays, repairs and caution-based slow-downs.

But for learning directly applicable to the A380 and its cracks, my students have just scrutinized the 1986 case of the space shuttle Challenger – launched to its fatal explosion, before they were born, over the engineers’ objections that cold weather would threaten the flexibility of the eroded O-ring seals on its rocket booster.

The logical flaw in the shuttle case extends: The fact that prior launches had succeeded, despite O-ring erosion, did not provide comfort for future launches under other conditions. No more, that the A380s may have flown so far without incident despite wing bracket cracks – when such potential stresses as severe weather, hard landings or simple future wear-and-tear fatigue would change the failure calculations and render invalid the assumptions underlying margins of safety.

In other words, paraphrasing with emphasis physicist Richard Feynman on the shuttle, “the A380 rib feet were not designed to crack. Cracking was a clue that something was wrong. Cracking was not something from which safety can be inferred.”

In the Challenger case, seven astronauts and a space vehicle were lost to the deficiencies in NASA’s risk management. As for the A380, has any learning occurred?

As soon as my final grading is done, I will be uplifting for Paris and a spring-semester teaching gig with law students there.

But not on an A380. In its wounded state, I will be happy to book on the robust aircraft of an American airline.

Thanks for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription is easy and free – both on the Main page.

[1] My thanks and gratitude to the congenial community of Carthage College – faculty, administration, support and especially the students in my seminar – for a welcome and an experience as warm as this unseasonable winter in Kenosha, Wisconsin.

January 11, 2012

I recently made my first visit to the tiny island nation of Malta – once the Mediterranean crossroads of crusaders, smugglers, pirates and profiteers, now better known as a way-stop on the marine route of refugees fleeing coastal North Africa for near-by Sicily and mainland Italy.

My impressions -- of a country and people with much to be modest about -- leave me uneasy, with Malta now touted as headquarters to a rapidly-expanding roster of European-based hedge funds – e.g., here and here.

This is not good news. Because if true, the fuse is lit and sparking on the next explosive weapons of financial destruction.

For all its storied history, today’s Malta is a backwater. The country’s low-wage economy survives on limited tourism for history buffs, and second-language schools serving a heavy demand for English because the native tongue with its Arabic origin and Latin orthography is unlearnably complex, marginalized, and disappearing.

In by far the smallest country in the Euro zone, with a population of 400,000 mainly unprepossessing Catholics, the focus of governance is limited to the legality of divorce. While, as I was told by the under-employed college graduate who drove our taxi from the airport, ”You’ll probably never see a policeman during your visit. There’s so little crime, they go into the parks and sleep in their cars behind the trees.”

Transport on Malta until last summer’s upgrading was dominated by fleets of clapped-out orange and yellow buses, of a vintage more worthy of pre-Castro Cuba than a full-fledged member of the European Union.

The inevitable question asked by a tourist looking over the pervasively sand-colored Italianate architecture is, “Doesn’t a country with aspirations to be taken seriously care enough to wash its cars and clean the dirt off its windows?” To which the prompt and unashamedly self-deprecating answer, “who cares?” is that the prevailing winds off the African desert make a daily layer of dust as inevitable as the sunrise itself.

After centuries of outside dominance, latterly in the form of British colonial oppression until independence in 1964 and eventual troop withdrawal in 1979, a legacy of brain drain and talent flight assures a vacuum of local vision and mediocrity of leadership.

“Maltese” evokes several things – post-Crusade centuries of knightly influence, toy-sized white dogs in the laps of ladies who lunch, and the elusive avian statue that so bedeviled Humphrey Bogart’s Sam Spade in the eponymous 1941 re-make of Dashiell Hammett’s noir novel.

What it does not call up is a legitimate industry of well-regulated financial institutions.

So what is nascent, with the explosive growth of a Maltese hedge fund sector, is dangerous regulatory arbitrage – the potential for a rush to the bottom not seen since “regulatory capture” in Antigua and Barbuda laid the foundations for Allen Stanford’s Ponzi scheming, through his purchase of a tin-plated knighthood along with the compliant gate-keepers’ keys to that country’s thatched-cottage banking industry.

The cases are legion that even big-country regulators have been asleep on the watch – from the SEC’s failure to finger Bernie Madoff, to OFHEO’s late-arriving blinking at the sub-prime mortgage trainwrecks of Fannie Mae and Freddie Mac, to the PCAOB’s belated discovery of something rotten in reverse-merger Chinese public companies coming to America to list on its exchanges.

So the chances that the Maltese have the competence to escape a worse fate, in response to the invading hordes of hedgies in their private jets and sharply tailored suits, are precisely nil.

I have been bold in this space to make an occasional prediction about the expected times and places for outbreaks of unpleasantness – in Islamic finance, a Madoff-related suicide, or the rates of white-collar recidivism exemplified by Barry Minkow’s return to prison – with a record that is almost distressingly robust.

Readers prepared to files these views on the likelihood of serious mischief erupting on Malta into a time capsule with a three-to-five year seal are invited to check back with me then.

In the meantime, pending the passage of time sufficient to prove me right, prudence suggests that investors seek a home for their hot and mobile Euros other than Malta.

Thanks for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription is easy and free, both at the Main page.

November 07, 2011

The national recalibration caused by this weekend's fall-back to standard time is a reminder of the cliché recently repeated by a friend, that:

“Even a broken clock is right twice a day ….”

Or so it is supposed, for the proposition that some information is better than none at all.

I will spare my friend's identity, since this is not personal. But as studied by my students in Risk Management, it is vitally important to scrutinize both what you know and what you don’t – and not be misled into missing the difference by the invocation of familiar but unexamined verities.

I surveyed my students – who with their PC’s and iPads and smartphones are carrying around an average of 2.5 devices providing them with the hour – of which only a fraction are readable by way of little hands pointing at a circular array of twelve numbers on a dial.

It’s the same in today’s public life: the handsome golden landmark clock in Grand Central Station is an anachronism, superseded by the blinking digital screens of the airport flight announcements, the pulsing scoreboard lights of the sports arenas and the obnoxious talking panels of the typical office elevator.

Even in the classroom for my MBA course, a sleek modern rectangular digital time screen hangs above the door.

Here’s the point: when broken, the ubiquitous digital clocks simply go blank. There is no sense in which, when non-functioning, a dark and empty display can ever be “right.”

So the claim is incomprehensible to anyone raised in a world of digital time-pieces. Baby-boomers are likely the last at risk of being led astray, having grown up with (and still using) analog time-keeping machinery.

At no time in the diurnal cycle is any meaningful time guidance offered by a crashed computer or an uncharged cell phone – or, for that matter, a dead microwave or DVD player or any of the myriad of appliances now equipped with digital clocks on which generations younger than the fogies rely.

The “right twice a day” assertion also suffers a more subtle flaw: How do you know? The question of “right-ness” is only testable by reference to an outside source. Looking at the hands of a broken clocked stopped at the classic “ten-to-two,” you may suspect being late for lunch. But you can’t know without a working alternative. Whatever its format, no informational value is added by viewing the face of a dysfunctional clock.

The inquiry really needs to go down another layer, though, to the reason for calling on the cliché in the first place.

Examples abound where a little information is actually worse than none, especially where users are lulled into a false sense of security and over-confidence.

Unmarked and narrow country roads suffer a lower rate of fatal vehicle accidents, for example, than high-speed expressways, even if the latter are fitted with lane markers and rumble strips and crash barriers, precisely because the rural lanes demand high degrees of focus and attention, prudence and speed discretion.

Equally, day traders seduced by computer-generated graphs and charts of stock price activities are lured into the misapprehension that the flood of data is a reliable measure for predictability, only to crash and fail at the rate of amateur punters in a casino.

And on a global scale since 2007, the road to financial ruin has been littered with the reputational corpses of those who mistakenly believed that the quants’ “value-at-risk” models and their off-spring sufficed to support their portfolios of exotic financial products – among them, Jimmy Cayne of Bear Stearns, Chuck Prince of Citi, Dick Fuld of Lehman Brothers and most lately, Jon Corzine at MF Global.

Which is not to say that there is nothing at all to learn from a clear-eyed acknowledgement of the limits on the knowable. But more likely than an unexamined repetition of a maxim that is both conventional and therefore probably wrong, let the inquiry seek wisdom from the more humble perspective of the counsels of caution.

PS: An invitation: send me your suggestions for other clichés worthy of attention and deflation. Thanks.

Thanks also for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription sign-up is easy and free, both at the Main page.

September 22, 2011

Many others could not say the same. They include Oswald Grüber, Carsten Kengeter and Maureen Miskovic – the chief executive, head of investment banking and senior risk officer of UBS – whose balance sheet the 31-year-old trader has blown up to the tune of $ 2.3 billion, through the unimaginative if devastating use of fictitious customer trades to mask his massive wrong-way bets on the S&P 500 and other major indices.

While Adolboli will stay another month in custody in London, and Grüber’s team of gnomes in Zurich begin the extended process of damage assessment and control of this latest outbreak at the troubled bank, I have the privilege of bringing to a seminar at the University of Chicago Law School the MBA-level course in Risk Management I have taught at business schools these last three years.

Arrested on the third anniversary of the collapse of Lehman Brothers, Adoboli not only lets me throw out the opening pages of my introductory lecture notes, on the inevitable eruption of large-scale unmanaged risks in complex systems. He also replaces Société Générale’s Jérôme Kerviel as a final exam topic on the test question, “Where’s the rogue?”

In the law school environment, we will explore the proposition freshly demonstrated at UBS, that compliance-oriented risk systems – limited in concept, execution and assurance to the narrow and unsatisfactory conclusion that “most things are working, most of the time” – are both wasteful and ineffective to detect or deter an existential threat.

It’s as true for a rogue trader as for a suicide terrorist: doing pat-downs or box-ticks of an entire population, whether grandmothers on airplanes or bank clerks writing customer orders, will not stop the dangerous deviant capable of causing a blow-up – however much those intrusive and costly procedures may serve the political goal of lulling both leaders and constituents into a false if harassed sense of security.

In context of Adoboli’s shenanigans, said to date back to 2008 when UBS itself was bailed out of the consequences of its ill-fated venture into subprime mortgage-backed derivatives, on through its climb-down before the Justice Department over the business of sheltering US taxpayers, there is painful irony in reading the bank’s self-congratulation on the subject of its risk management. Take, for example, excerpts from its 2010 annual report:

“Operational risk is the risk resulting from inadequate or failed internal processes, human error and systems failure, or from external causes (deliberate, accidental or natural). Events may be manifested as direct financial losses or indirectly in the form of revenue forgone as a result of business suspension. They may also result in damage to our reputation and to our franchise causing longer term financial consequences.

“Managing risk is a core element of our business activities, and operational risk is an inevitable consequence of being in business. Our aim is not to eliminate every source of operational risk, but to provide a framework that supports the identification and assessment of all material operational risks and their potential concentrations in order to achieve an appropriate balance between risk and return.

“… Management, in all functions, is responsible for establishing an appropriate operational risk management environment, including the establishment and maintenance of robust internal controls and a strong risk culture.” (All emphasis added.)

With that, a question could be posed to Mr. Grüber concerning the bank’s reported 2010 payment of fees to Ernst & Young of 67.4 million Swiss francs ($ 59 million at today’s exchange), of which CHF 58.5 million were classified as audit, to obtain the latest annual version of a standard auditor’s report:

“With hindsight, how badly would you have wished to re-direct some portion of that audit fee to an engagement to conduct a precise and effectively directed, root-and-branch scrutiny of the condition of the controls at the sections of your bank having potential to inflict multi-billion dollar harm?”

Because herein lies the puzzle, about the unavailability of such valuable assurance to replace today’s outmoded commodity product:

In launching its concept release on the auditors’ report, Public Company Accounting Oversight Board chairman James Doty’s June 21, 2011 statement acknowledged “generalized investor dissatisfaction with the pass-fail model, and generalized frustration with auditors who had issued unqualified opinions on the financial statements of banks that later failed.”

And yet -- the entire community of financial statement issuers, users, regulators and auditors remain committed to what one comment letter notes as “the PCAOB’s intent to retain the current (‘pass/fail’) form of the auditor’s report.” As stated, there is “overwhelming support from all stakeholder groups for retaining this long-standing approach to auditor reporting.”

Why?

Kweku Adoboli now stands as poster boy for the unrecognized urgency of replacing that model.

Thanks for joining this dialog. Please share with friends and colleagues. Comments are welcome, and subscription sign-up is easy and free, both at the Main page.

June 01, 2011

There’s a stack of final papers in my Risk Management course – and an apero on the sunny terrace of the neighborhood café, to ease the grading process.

And a fond wish for one more class session, to dissect last weekend’s lesson in the disastrous consequences of bad risk assessment and choice-making under high-stress competitive conditions.

It happened at Sunday’s Indianapolis 500. Rookie driver JR Hildebrand had a comfortable lead going into the final lap. But instead of riding easily to victory, he attempted a high pass of a slower car on the very last corner, crashed into the wall, and slid his wreck to a second-place finish – passed by the doubtless astounded Dan Wheldon, on whom Hildebrand’s error of judgment and the fickle gods of fate bestowed a gift beyond imagination.

Aggressive, brave or foolish – the high cost of immature enthusiasm under “win or crash” analysis is not rare. Recall the Olympic gold medal that snowboarder Lindsey Jacobellis threw away on her final run at Turin in 2006, with her ill-advised showboating stunt attempt on the last bump.

My class of MBA and Finance students focuses on lessons from highly-consequential decisions, especially in failure situations – drawn from many fields into the worlds of commerce and professional services, where most will eventually work, and where senior leaders charged with risk responsibility have performed so poorly over the last four years.

From Hildebrand’s split-second choice – now part of racing lore and a life-long mark on his career record, they would take at least these two:

First, the skills and energy of the young are to be recognized and respected; a new hot-shot does command attention and can achieve greatness, whether in sport or government or a trading room. But as events at Indy showed, the converse is no less valid. Beginner’s luck is no substitute for seasoned strategy, and those surviving to accumulate the scars of experience bring wisdom that tempers rash choices.

Provided Hildebrand does learn his risk/reward lesson, in other words, he is not likely to repeat it.

Therein lies learning for business and financial disciplines, still struggling past the recent crisis. The tragically short time horizon of the designers of exotic derivatives, and the exclusion from the quants’ risk models of events beyond their recollection, created the conditions for the crushing impact of events erroneously thought to be unforeseeable.

The second lesson from Hildebrand’s choice-making looks at the structure of his decision matrix: a binary choice -- “try to pass” or “lay off” -- but with alternative and different benefits and detriments for each.

The consequences of playing safe and cautious were in his favor: there was no downside, as he was at no risk of being overtaken, and to cruise safely meant a checkered flag.

In choosing to charge the corner, on the other hand, he had negligible upside – he was already holding a dominant lead – while, as events proved, the downside of being unsuccessful was catastrophic.

(Take note, of course, that the calculation could alter dramatically – if, for one case, he was trailing and needed a last-minute pass to advance, or if he was tightly shadowed and at risk of losing his lead.)

The metaphor extends, readily enough:

Should an investment manager double down on a losing strategy, which unless reversed will bankrupt his fund? Or should the size of his positions be controlled along the way, so that no single exposure could threaten his entire firm’s survival?

Should an entrepreneur put all his capital at risk to start a new venture? To a retiree in reasonable comfort, the upside is limited, but the hazard of a failed and penurious old age is real; while to a new graduate with a long view, fortune favors seizing the greatest number of jackpot opportunities.

The under-appreciated risk-assessment obligation, all of this should suggest, lies in deliberate attention, usually overlooked, to the alternative choice: the action foregone, the rejected Plan B, the road not taken, the decision not to charge ahead.

To a rookie Indy driver with his hair on fire and his foot to the floor, this would all seem abstract, bloodless and pedantic. But it should feel otherwise to a risk officer whose strategic control over a floor of stoked-up traders is his bank’s best hope for survival through the next bubble.

Because my students are more likely, post-graduation, to steer companies and to run portfolios, than to drive turbocharged racing cars, the sorry case of JR Hildebrand’s impetuous mis-chance will keep a place in my curriculum.

Thanks for joining this dialog. Please share with friends and colleagues. Comments and suggestions are welcome, and subscription is easy and free – both at the Main page.